Source/core/html/HTMLFormElement.cpp - Issue 311033003: Implementing mixed content for forms posting to insecure location from secure ones

Side by Side Diff: Source/core/html/HTMLFormElement.cpp

Issue 311033003: Implementing mixed content for forms posting to insecure location from secure ones (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Moved the check for mixed content to a better location. Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)	2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)

3 * (C) 1999 Antti Koivisto (koivisto@kde.org)	3 * (C) 1999 Antti Koivisto (koivisto@kde.org)

4 * (C) 2001 Dirk Mueller (mueller@kde.org)	4 * (C) 2001 Dirk Mueller (mueller@kde.org)

5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserv ed.	5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserv ed.

6 * (C) 2006 Alexey Proskuryakov (ap@nypop.com)	6 * (C) 2006 Alexey Proskuryakov (ap@nypop.com)

7 *	7 *

8 * This library is free software; you can redistribute it and/or	8 * This library is free software; you can redistribute it and/or

9 * modify it under the terms of the GNU Library General Public	9 * modify it under the terms of the GNU Library General Public

10 * License as published by the Free Software Foundation; either	10 * License as published by the Free Software Foundation; either

(...skipping 19 matching lines...) Expand all Loading...
30 #include "bindings/v8/ScriptController.h"	30 #include "bindings/v8/ScriptController.h"

31 #include "bindings/v8/ScriptEventListener.h"	31 #include "bindings/v8/ScriptEventListener.h"

32 #include "core/dom/Attribute.h"	32 #include "core/dom/Attribute.h"

33 #include "core/dom/Document.h"	33 #include "core/dom/Document.h"

34 #include "core/dom/ElementTraversal.h"	34 #include "core/dom/ElementTraversal.h"

35 #include "core/dom/IdTargetObserverRegistry.h"	35 #include "core/dom/IdTargetObserverRegistry.h"

36 #include "core/events/AutocompleteErrorEvent.h"	36 #include "core/events/AutocompleteErrorEvent.h"

37 #include "core/events/Event.h"	37 #include "core/events/Event.h"

38 #include "core/events/GenericEventQueue.h"	38 #include "core/events/GenericEventQueue.h"

39 #include "core/events/ScopedEventQueue.h"	39 #include "core/events/ScopedEventQueue.h"

	40 #include "core/frame/DOMWindow.h"

	41 #include "core/frame/LocalFrame.h"

	42 #include "core/frame/UseCounter.h"

	43 #include "core/frame/csp/ContentSecurityPolicy.h"

40 #include "core/html/HTMLCollection.h"	44 #include "core/html/HTMLCollection.h"

41 #include "core/html/HTMLDialogElement.h"	45 #include "core/html/HTMLDialogElement.h"

42 #include "core/html/HTMLImageElement.h"	46 #include "core/html/HTMLImageElement.h"

43 #include "core/html/HTMLInputElement.h"	47 #include "core/html/HTMLInputElement.h"

44 #include "core/html/HTMLObjectElement.h"	48 #include "core/html/HTMLObjectElement.h"

45 #include "core/html/RadioNodeList.h"	49 #include "core/html/RadioNodeList.h"

46 #include "core/html/forms/FormController.h"	50 #include "core/html/forms/FormController.h"

47 #include "core/loader/FrameLoader.h"	51 #include "core/loader/FrameLoader.h"

48 #include "core/loader/FrameLoaderClient.h"	52 #include "core/loader/FrameLoaderClient.h"

49 #include "core/frame/DOMWindow.h"	53 #include "core/loader/MixedContentChecker.h"

50 #include "core/frame/LocalFrame.h"

51 #include "core/frame/UseCounter.h"

52 #include "core/frame/csp/ContentSecurityPolicy.h"

53 #include "core/rendering/RenderTextControl.h"	54 #include "core/rendering/RenderTextControl.h"

54 #include "platform/UserGestureIndicator.h"	55 #include "platform/UserGestureIndicator.h"

	56 #include "wtf/text/AtomicString.h"

55	57

56 using namespace std;	58 using namespace std;

57	59

58 namespace WebCore {	60 namespace WebCore {

59	61

60 using namespace HTMLNames;	62 using namespace HTMLNames;

61	63

	64 namespace {

	65

	66 KURL getActionURL(const Document& document, const String& action)

	67 {

	68 return action.isEmpty() ? document.url() : document.completeURL(action);

	69 }

	70

	71 } // namespace

	72

62 HTMLFormElement::HTMLFormElement(Document& document)	73 HTMLFormElement::HTMLFormElement(Document& document)

63 : HTMLElement(formTag, document)	74 : HTMLElement(formTag, document)

64 #if !ENABLE(OILPAN)	75 #if !ENABLE(OILPAN)

65 , m_weakPtrFactory(this)	76 , m_weakPtrFactory(this)

66 #endif	77 #endif

67 , m_associatedElementsAreDirty(false)	78 , m_associatedElementsAreDirty(false)

68 , m_imageElementsAreDirty(false)	79 , m_imageElementsAreDirty(false)

69 , m_hasElementsAssociatedByParser(false)	80 , m_hasElementsAssociatedByParser(false)

70 , m_didFinishParsingChildren(false)	81 , m_didFinishParsingChildren(false)

71 , m_wasUserSubmitted(false)	82 , m_wasUserSubmitted(false)

(...skipping 312 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
384 ASSERT(submission->data());	395 ASSERT(submission->data());

385 ASSERT(submission->state());	396 ASSERT(submission->state());

386 if (submission->action().isEmpty())	397 if (submission->action().isEmpty())

387 return;	398 return;

388 if (document().isSandboxed(SandboxForms)) {	399 if (document().isSandboxed(SandboxForms)) {

389 // FIXME: This message should be moved off the console once a solution t o https://bugs.webkit.org/show_bug.cgi?id=103274 exists.	400 // FIXME: This message should be moved off the console once a solution t o https://bugs.webkit.org/show_bug.cgi?id=103274 exists.

390 document().addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, " Blocked form submission to '" + submission->action().elidedString() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set.");	401 document().addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, " Blocked form submission to '" + submission->action().elidedString() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set.");

391 return;	402 return;

392 }	403 }

393	404

	405 KURL actionURL = getActionURL(document(), m_attributes.action());
	abarth-chromium 2014/06/09 16:31:37 You no longer need to call getActionURL because em You no longer need to call getActionURL because empty Strings have already been weeded out on line 397. Also, all the rest of this code gets the URL from submission->action() rather than from m_attributes.action(). We should probably match them. mhm 2014/06/09 20:20:35 Done. Show quoted text On 2014/06/09 16:31:37, abarth wrote: > You no longer need to call getActionURL because empty Strings have already been > weeded out on line 397. > > Also, all the rest of this code gets the URL from submission->action() rather > than from m_attributes.action(). We should probably match them. Done.
	406 if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionU RL))

	407 UseCounter::count(document(), UseCounter::MixedContentSubmittedForm);

	408 if (!document().frame()->loader().mixedContentChecker()->canSubmitToInsecure Form(document().securityOrigin(), actionURL))

	409 return;

	410

394 if (protocolIsJavaScript(submission->action())) {	411 if (protocolIsJavaScript(submission->action())) {

395 if (!document().contentSecurityPolicy()->allowFormAction(KURL(submission ->action())))	412 if (!document().contentSecurityPolicy()->allowFormAction(KURL(submission ->action())))
	abarth-chromium 2014/06/09 16:31:37 It looks like the correct way to get a KURL from s It looks like the correct way to get a KURL from submission->action() is to pass the string directly to the KURL constructor rather than to call completeURL on it. Please refactor this code so that we only parse the URL once in this function. Please consider changing the type of m_action in FormSubmission to KURL. I doubt there's a reason to keep it as a String. mhm 2014/06/09 20:20:35 Done. Show quoted text On 2014/06/09 16:31:37, abarth wrote: > It looks like the correct way to get a KURL from submission->action() is to pass > the string directly to the KURL constructor rather than to call completeURL on > it. Please refactor this code so that we only parse the URL once in this > function. > > Please consider changing the type of m_action in FormSubmission to KURL. I > doubt there's a reason to keep it as a String. Done.
396 return;	413 return;

397 document().frame()->script().executeScriptIfJavaScriptURL(submission->ac tion());	414 document().frame()->script().executeScriptIfJavaScriptURL(submission->ac tion());

398 return;	415 return;

399 }	416 }

400	417

401 LocalFrame* targetFrame = document().frame()->loader().findFrameForNavigatio n(submission->target(), submission->state()->sourceDocument());	418 LocalFrame* targetFrame = document().frame()->loader().findFrameForNavigatio n(submission->target(), submission->state()->sourceDocument());

402 if (!targetFrame) {	419 if (!targetFrame) {

403 if (!DOMWindow::allowPopUp(*document().frame()) && !UserGestureIndicator ::processingUserGesture())	420 if (!DOMWindow::allowPopUp(*document().frame()) && !UserGestureIndicator ::processingUserGesture())

404 return;	421 return;

405 targetFrame = document().frame();	422 targetFrame = document().frame();

(...skipping 377 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
783 returnValue0 = radioNodeList(name, onlyMatchImg);	800 returnValue0 = radioNodeList(name, onlyMatchImg);

784 }	801 }

785	802

786 void HTMLFormElement::setDemoted(bool demoted)	803 void HTMLFormElement::setDemoted(bool demoted)

787 {	804 {

788 if (demoted)	805 if (demoted)

789 UseCounter::count(document(), UseCounter::DemotedFormElement);	806 UseCounter::count(document(), UseCounter::DemotedFormElement);

790 m_wasDemoted = demoted;	807 m_wasDemoted = demoted;

791 }	808 }

792	809

	810 void HTMLFormElement::attributeChanged(const QualifiedName& name, const AtomicSt ring& newValue, AttributeModificationReason)

	811 {

	812 Element::attributeChanged(name, newValue);

	813 if (name == actionAttr) {

	814 // If the new action attribute is pointing to insecure "action" location from a secure page

	815 // it is marked as "passive" mixed content. In other words, it will just

	816 // show a console warning unless the user override the preferences to

	817 // block all mixed content.

	818 KURL actionURL = getActionURL(document(), m_attributes.action());

	819 if (MixedContentChecker::isMixedContent(document().securityOrigin(), act ionURL)) {

	820 document().frame()->loader().mixedContentChecker()->canSubmitToInsec ureForm(document().securityOrigin(), actionURL);

	821 UseCounter::count(document(), UseCounter::MixedContentForm);

	822 }

	823 }

	824 }
	abarth-chromium 2014/06/09 16:31:37 Please remove this part of the change. I don't th Please remove this part of the change. I don't think we need to count this information and it makes the engine slower. mhm 2014/06/09 20:20:35 Done. Show quoted text On 2014/06/09 16:31:37, abarth wrote: > Please remove this part of the change. I don't think we need to count this > information and it makes the engine slower. Done.
	825

793 } // namespace	826 } // namespace

OLD	NEW

« no previous file with comments | « Source/core/html/HTMLFormElement.h ('k') | Source/core/loader/MixedContentChecker.h » ('j') | Source/core/loader/MixedContentChecker.cpp » ('J')